A Pittsburgh-area heating and refrigeration business has verified that it is part of the investigation into the breach of consumer data that took place during the holiday shopping season.

Fazio Mechanical Services Inc., a contractor that does business with Target Corp., said in a statement late Thursday that it was the victim of a “sophisticated cyberattack operation,” just as Target was. It said it is cooperating with the Secret Service and Target to figure out what happened.

The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target’s computer systems.

Target has said it believes hackers broke into its vast network by first infiltrating the computers of one of its vendors. Then the hackers installed malicious software in Target’s checkout system for its estimated 1,800 U.S. stores.

Some 40 million accounts were breached between Nov. 27 and Dec. 18, Target has said. It also reported that other personal data from possibly an additional 70 million customers may have been compromised.

If Fazio’s access was, in fact, how the thieves pulled it off — and investigators appear to be looking at that theory — it illustrates just how vulnerable big corporations have become as they expand and connect their computer networks to other companies to increase convenience and productivity.

Cybersecurity analysts had speculated that Fazio may have remotely monitored heating, cooling and refrigeration systems for Target, which could have provided a possible entry point for the hackers. But Fazio denied that, saying it uses its electronic connection with Target to submit bills and contract proposals.

The new details illustrate what can go wrong with the far-flung computer networks that big companies increasingly rely on.

“Companies really have to look at the risks associated with that,” said Ken Stasiak, CEO of SecureState, a Cleveland firm that investigates data breaches. Stasiak said industry regulations require companies to keep corporate operations such as contracts and billing separate from consumer financial information.

Stasiak emphasized that the thieves would have still needed to do some serious hacking to move through Target’s network and reach the checkout system.

Chester Wisniewski, an adviser for the computer security firm Sophos, said that while it may seem shocking that Target’s systems are that connected, it is a lot cheaper for a company to manage one network rather than several.

He added that while retailers are supposed to keep consumer information separate, they are not required to house it on a separate network.

Still, he said he was extremely surprised to hear that the hackers may have gotten in via a billing system, saying those kinds of connections are supposed to provide extremely limited access to the other company’s network.

As a result, while the hackers were clearly talented, it’s obvious something went wrong on Target’s end, he said.

“If normal practices were followed, they wouldn’t have been able to get access,” Wisniewski said.

Secret Service spokesman Brian Leary confirmed that investigators are looking into the attack at Fazio Mechanical Services but wouldn’t provide details.

Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment.

As you comment, please be respectful of other commenters and other viewpoints. Our goal with article comments is to provide a space for civil, informative and constructive conversations. We reserve the right to remove any comment we deem to be defamatory, rude, insulting to others, hateful, off-topic or reckless to the community. See our full terms of use here.

More in News

In Mears Park, the holiday luminescence has lost some luster. The twinkle has tapered. The shine has dimmed. On a chilly Monday evening, Jacob Moore and his rat terrier, Tucker, wandered through downtown St. Paul’s Lowertown neighborhood, where they were underwhelmed by the holiday light display. The bars were busy, but the trees inside Mears Park were bare, though lights...

The River City Sculpture Tour, which this year brought a moose, giant dragonfly and chokecherry tree to downtown Stillwater, has been such a success that the organizer is planning to make it bigger and better in 2017. Artist and tour founder Julie Pangallo said Tuesday that she plans to expand the to downtown Bayport. “The tour has been phenomenally well-received,” Pangallo...

A 60-year-old Faribault man was killed Thursday evening when his car collided with a semitrailer in Rice County. The Minnesota State Patrol reported that Randy J. Hansen was driving a 1995 Pontiac Grand Am southbound on Highway 21 and making a left turn to continue eastbound on 21 shortly after 5:30 p.m. when his car collided with a semi going...

Transit for Liveable Communities and St. Paul Smart Trips are merging Jan. 1 to create a new nonprofit organization to promote buses, trains, bikes, car sharing, walking and other alternatives to putting more cars on the road.

DULUTH, Minn. — A Roanoke, Va., multimillionaire who made his fortune in health care and has recently purchased coal mines wants to buy the bankrupt Magnetation LLC operations on Minnesota’s Iron Range and put laid-off employees back to work. That’s the plan of Tom Clarke, owner of ERP Compliant Fuels and now ERP Iron Ore, who has brokered a deal...

Renaldo Terez McDaniel was looking under the hood of his car outside a St. Paul auto-parts store on a summer evening last June when three shots were fired. One hit the 31-year-old McDaniel in the shoulder, another pierced his stomach. The third struck his head.